Msrc Cbl2 Rust 1.72.0-11 On Cbl Mariner 2.0 vulnerabilities
5 known vulnerabilities affecting msrc/cbl2_rust_1.72.0-11_on_cbl_mariner_2.0.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4, LOW 1
Vulnerabilities
CVE-2025-12875 MEDIUM CVSS 5.3 2025-11-11
CVE-2025-12875 [MEDIUM] CWE-787 mruby array.c ary_fill_exec out-of-bounds write
Mariner: Mariner
VulDB: VulDB
Customer Action Required: Yes
msrc
CVE-2025-10966 MEDIUM CVSS 6.8 2025-11-11
CVE-2025-10966 [MEDIUM] missing SFTP host verification with wolfSSH
Mariner: Mariner
curl: curl
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-13120 MEDIUM CVSS 5.3 2025-11-11
CVE-2025-13120 [MEDIUM] CWE-416 mruby array.c sort_cmp use after free
Mariner: Mariner
VulDB: VulDB
Customer Action Required: Yes
msrc
CVE-2025-53605 MEDIUM CVSS 5.9 2025-07-08
CVE-2025-53605 [MEDIUM] CWE-674 The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor
msrc
CVE-2024-58266 LOW CVSS 3.2 2025-07-08
CVE-2024-58266 [LOW] CWE-116 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to
msrc